Poorly protected SMEs

No risk has become as important in the Swiss economy as cybercrime. This is the result of a representative survey of small and medium-sized enterprises (SMEs) conducted by the insurance company Zurich. In the meantime, 12 percent of SMEs assume that hackers represent a key risk for them. Compared to 2013, their share has more than quadrupled. Meanwhile, the proportion of SMEs that believe they are too small and insignificant to fall victim to cybercriminals has fallen significantly. Only 13 percent believe they will not be targeted by hackers in the first place.

548,000 SMEs are without protection
Although fear is rising sharply, the vast majority of Swiss SMEs are ill-equipped. Just 2.5 percent of the owners and managing directors surveyed state that their company has fully functional and updated protective measures. Extrapolated to the approximately 562,000 SMEs* in Switzerland, this means that 548,000 SMEs do not have effective protection. Particularly exposed are those companies that consider cyber risks to be a key risk and yet have not taken any measures. Their number is at least 53,000.
"This large discrepancy between risk awareness and the taking of concrete measures shows that the majority of SMEs are completely out of their depth and feel powerless in the face of cybercriminals," explains Christian La Fontaine, cyber risk specialist at Zurich. This, in turn, has two main reasons: "First, many management boards lack an expert in IT issues, so cyber risks have long been underestimated," La Fontaine says. "Second, effective measures are not always cheap. For a long time, SMEs were therefore hesitant to approve the necessary budgets."

Restaurants and hairdressers also affected
La Fontaine expects the percentage of highly exposed SMEs to increase in the coming years. "The more digitized companies' business models are, the more likely they are to be exposed to cyber risks." Restaurants or hairdressers, for example, who take reservations or bookings mainly via the Internet or apps, can suffer painful revenue losses after a hacker attack. "If customers can no longer make reservations online as usual, only walk-in customers remain," La Fontaine explains. While it used to be true that large SMEs in particular were exposed to risks in cyberspace, this is increasingly true for smaller businesses as well.

Fear of data theft
In the area of cyber risks, SMEs are particularly afraid of data theft. "The damage is particularly serious when criminals steal customers' credit card data," says La Fontaine. "If this happens, an SME often faces serious reputational damage and a drop in sales." In second place is the fear of forced business interruption. "This can occur when hackers overload a website with a flood of requests, making it impossible for customers to access the site," La Fontaine explains. Viruses can also force interruptions. "If an employee opens an email with a virus, an entire IT system can be blocked for days."

Press Release Zurich Insurance Group Ltd

Details of the survey, which was conducted by the research company GfK: here